[FFmpeg-devel] [PATCH 2/3] exr: fix out-of-bounds read
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 16 21:56:50 EET 2016
channel_index can be -1.
This problem was introduced in commit
2dd7b46132e2801ef34fe1b5c27e0113cdcfa2f9.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/exr.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 54869d2..bff08f2 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1430,8 +1430,7 @@ static int decode_header(EXRContext *s)
return AVERROR_PATCHWELCOME;
}
- if (s->channel_offsets[channel_index] == -1){/* channel have not been previously assign */
- if (channel_index >= 0) {
+ if (channel_index >= 0 && s->channel_offsets[channel_index] == -1) { /* channel has not been previously assigned */
if (s->pixel_type != EXR_UNKNOWN &&
s->pixel_type != current_pixel_type) {
av_log(s->avctx, AV_LOG_ERROR,
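Review bot: The new condition on the `if` line checks only the lower bound of `channel_index`, and nothing visible in this hunk bounds it from above before it indexes `s->channel_offsets`. Because the value is computed while parsing the file header, it is worth confirming in the part of `decode_header` outside this hunk that it can never exceed the array's last index. The fix also relies on `&&` evaluating the range check before the array access, which the trailing comment does not say. I would add a line above the condition such as `/* channel_index may be -1: range-check it before indexing channel_offsets */` so a later refactor does not reorder the operands. `decode_header` starts and ends outside the hunk, so where `channel_index` is assigned cannot be seen from here.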
@@ -1440,7 +1439,6 @@ static int decode_header(EXRContext *s)
}
s->pixel_type = current_pixel_type;
s->channel_offsets[channel_index] = s->current_channel_offset;
- }
}
s->channels = av_realloc(s->channels,
--
2.10.2